CVE-2009-3033

Symantec Altiris Deployment Solution Buffer Overflow via AeXNSConsoleUtilities.dll

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-3033. PoCs published by Metasploit, MC, including Metasploit module exploits/windows/browser/symantec_altirisdeployment_runcmd.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack buffer overflow in Symantec Altiris Deployment Solution via the RunCmd() method of AeXNSConsoleUtilities.dll. It uses heap spraying and JavaScript obfuscation to execute arbitrary shellcode.

Description

Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16528

This is a Metasploit module exploiting a stack buffer overflow in Symantec Altiris Deployment Solution via the RunCmd() method of AeXNSConsoleUtilities.dll. It uses heap spraying and JavaScript obfuscation to execute arbitrary shellcode.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Symantec Altiris Deployment Solution (AeXNSConsoleUtilities.dll 6.0.0.1426)
No auth needed
Prerequisites: Target must have the vulnerable ActiveX control installed and enabled in Internet Explorer
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/symantec_altirisdeployment_runcmd.rb

This Metasploit module exploits a stack buffer overflow in Symantec Altiris Deployment Solution via the RunCmd() method of AeXNSConsoleUtilities.dll. It uses a heap spray technique to achieve arbitrary code execution on vulnerable systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Symantec Altiris Deployment Solution (AeXNSConsoleUtilities.dll 6.0.0.1426)
No auth needed
Prerequisites: Target must have the vulnerable ActiveX control installed · Target must visit a malicious webpage hosting the exploit
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (7)

Core 7
Core References
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37092
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3328
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54415
Various Sources x_refsource_confirm
https://kb.altiris.com/article.asp?article=50072&p=1
Patch, Vendor Advisory x_refsource_confirm
https://kb.altiris.com/article.asp?article=50279&p=1
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/60496

Scores

EPSS 0.7254
EPSS Percentile 98.8%

Details

CWE
CWE-119
Status published
Products (7)
symantec/altiris_deployment_solution 6.9 (4 CPE variants)
symantec/altiris_deployment_solution 6.9.164
symantec/altiris_deployment_solution 6.9.176
symantec/altiris_deployment_solution 6.9.355 (2 CPE variants)
symantec/altiris_management_platform 7.0 (2 CPE variants)
symantec/altiris_notification_server 6.0 (5 CPE variants)
symantec/altiris_notification_server 6.0_sp3
Published Nov 25, 2009
Tracked Since Feb 18, 2026